What Software Defined Networking Can Do for IoT
Managing growing networks often involving an array of networked devices can be tough. Here's how software-defined networking can help.
April 17, 2019
As more enterprises evolve their IoT proof-of-concept projects into live architectures, IoT won’t be the only technology migration many of them are tackling, as enterprise networks today are also in the midst of a broader, more multifaceted transformation.
IoT is coming into play just as enterprises are migrating beyond the hub-and-spoke architectures that have defined their networks for decades. In the traditional hub-and-spoke model, all services are processed in a centralized location, and all connectivity goes through that hub. All enterprise traffic from that hub might get backhauled through one or more MPLS links. But, that model reflected a previous hardware-centric enterprise IT era, and did not allow flexibility to prioritize particular applications or traffic, to access applications from different locations and device types, or to host and process applications in one or more external clouds.
Multiple converging trends in recent years have begun to require a new network approach: the growth and variety of different devices — not just enterprise desktops, but smartphones, IoT sensors and other devices — connected to the network; the proliferation of more distributed networks and remote telecommuting; the ever-present need to reduce enterprise connectivity and hardware costs; the rise of new network connectivity technology options, like broadband Internet access and 4G LTE; and an explosion in applications hosted in a variety of places, not just in an enterprise workstation or a corporate data center, but in a variety of potential cloud locations.
As Anand Oswal, senior vice president of engineering for Cisco Systems’ enterprise networking group, puts it, “In the 1980s, everyone had a desktop and networks were not so complex. In the 90s, we had laptops coming in and then smartphones in the 2000s. The network started getting complicated. You wanted users to be able to access the resources on the enterprise network, but the users wanted to be at home, so we had VPNs and the IT manager’s job was to ensure the right person could access the right corporate resources, but not things they shouldn’t access.”
Enterprise networks are growing more complex. “You have a slew of IoT devices coming in and a lot of those don’t have the same network usage rights as other devices,” Oswal said. The explosion of applications adds another dimension of complexity. Applications “are not just in the center of the enterprise network campus environment, but also in the cloud, or in multiple clouds,” he added. Added to that is the complexity of BYOD in corporate environments. “At the same time, the user expectations are that they should have the same performance whether they are in the corporate enterprise, in a remote branch office, at home or in the café,” Oswal added. “Branch offices are directly accessing the Internet to get the right application experience, so the security need is now distributed in nature. You do not have that hub and spoke environment anymore.”
A new concept, software-defined wide area networking (SD-WAN), has emerged in recent years with the aim to simplify all of this complexity and help evolve enterprise networks into more flexible, programmable architectures that can meet the changing expectations of users.
SD-WAN accomplishes this by adding a software overlay to the enterprise network that separates network control and management functions from the physical network, similar to what software-defined networking can do in a data center or public carrier network.
“SD-WAN is a network edge architecture comprised of both overlay (software-based) and underlay (circuit-based) components,” said Jack Deal, managing director of TechCaliber Consulting, LLC, via email. “The overlay elements provide the ‘control plane’ for prioritizing and directing network traffic, and include elements such as SD-WAN orchestrators and controllers. Any required customer premises hardware is part of the overlay and would communicate with the centralized controllers (which are usually cloud-based). The underlay elements provide the data plane for moving traffic between sites, and consist of cable/DSL broadband, Ethernet access with MPLS or dedicated Internet ports, 4G (and eventually 5G) wireless and Layer 2 [in the OSI model of] point-to-point connections.”
Cisco’s Oswal added, “SD-WAN is primarily a software solution that can be delivered on trusted hardware, in the cloud, or on virtual appliances. The SD-WAN software stack comprises essential features such as routing, segmentation, access policies, security, and management and orchestration.”
By separating control and management from the variety of devices, network elements and connectivity circuits that make up the network, an enterprise can create a pool of total network capacity from these circuits to use as needed, while enabling visibility throughout the network. That visibility, in turn, allows network managers to dynamically identify the best possible paths for high-priority traffic, to allocate the necessary bandwidth and to administer the security policies required to ensure the quality and integrity of the most mission-critical services.
“Networks have historically been static in nature, not very cost-effective and not flexible,” said Christopher Antlitz, principal analyst at Technology Business Research. “SD-WAN makes them dynamic in nature. It makes networks flexible. It optimizes them. It makes them more agile to support new services. It gives more control to the IT staff in the enterprise.”
SD-WAN and IoT
SD-WAN may have an important role to play in enterprise and industrial networks where IoT is starting to have a larger presence. While many IoT applications do not yet require large amounts of bandwidth on short notice, SD-WAN-based visibility into multiple enterprise connections and control of entire enterprise capacity pools will be able to dynamically allocate bandwidth for mission-critical IoT applications as they emerge, while also segmenting the most latency-sensitive and security-sensitive applications of the industrial IoT.
“We see SD-WAN in front of or part of the IoT gateway or a highly optimized service residing on the microcontroller architecture,” said TechCaliber’s Deal. “Although today’s IoT use cases may not require large bandwidth-on-demand, SD-WAN’s ability to rapidly scale for increased traffic loads will become a significant advantage with the anticipated growth in connected devices.”
In addition, SD-WAN’s ability to identify new devices coming onto the networks and allocate bandwidth to remote network users will serve enterprises well as they start to expand their IoT network presence throughout their WANs to branch offices and other distributed locations.
“Managing the corporate traffic flows generated by millions of connected devices requires a new paradigm,” Deal said. “Planning for these massive networks will be enhanced by SD-WAN’s benefit of better end-user visibility into the network and deployment will be streamlined because of easier and faster configuration of less complex (and expensive) CPE.”
Also, SD-WAN can help enterprises manage network architectures in which the edge is becoming the center of data processing and analytics. “SD-WAN will play a critical role in connecting, securing and pushing processing power closer to edge devices,” Cisco’s Oswal said. “This will increase performance of IoT platforms by reducing latency for processing at the edge, and moving security processes — intrusion detection/prevention, DNS-layer security and advanced malware protection — near the IoT devices.”
Evolving Selling Points
One of the original arguments for deploying SD-WAN was that it could help lower network expenses for enterprises by employing capacity pools that reduce their reliance on expensive MPLS links by maximizing use of available capacity from other circuits. As more devices and applications emerged in enterprises amid trends like IoT, however, the case for deploying SD-WAN has evolved to become just as much or more about application performance and security in complex network environments as it is about cost savings, according to Oswal. The technology can reduce the need to backhaul traffic from IoT devices all the way to the enterprise data center, instead transporting that traffic on dedicated secure segments to edge processors that can filter and analyze much of the IoT device data, while transmitting only refined results to clouds for further analysis. This leads to less transport expense, but also faster, more secure application processing.
“Isolating IoT on secure segments ensures that any compromised elements cannot infect the corporate network,” Oswal said.
Given SD-WAN’s ability to segment traffic, visualize best possible route paths and apply appropriate security and network usage policies to different devices on the network, it could make sense for enterprises to have SD-WAN overlays in place before they go much further down their IoT road maps. That might not be something some enterprise managers have thought about as they pursued their IoT strategies, but putting the new software layer in place to simplify control of an existing network architecture could make it that much easier to introduce a plethora of new IoT-connected devices to the network, according to Deal.
“Because SD-WAN is grounded in internet-based networks, providing increased, aggregate network performance at lower cost with greater flexibility and control, it is naturally aligned with IoT networks,” Deal said. “With the various transport connections that could be used with IoT, SD-WAN provides the required reliability, visibility and security for the traffic.”
Ultimately, IoT is just one emerging enterprise network architecture of many. It doesn’t have a unique relationship with SD-WAN, but like other technologies in the enterprise can leverage SD-WAN for cost, performance, efficiency and security benefits.
“SD-WAN is a foundational component in the transformation of enterprise network architectures,” Antlitz said. “It’s one of the preliminary things enterprises need to take the next steps on their evolutionary journey.”